Microsoft has confirmed a new critical vulnerability affecting the SMBv3 protocol in the latest version of Windows 10 that could allow an attacker to remotely execute code on an SMB server or client.
In a recent security bulletin, Microsoft explained that the vulnerability affects Windows 10 and Windows Server versions 1903 and 1909, although it has not been exploited by hackers.
Microsoft is aware of a RCE vulnerability in the way that the SMBv3 protocol handles certain requests. If you wish to be notified when updates for this vulnerability are available, please follow the guidance in the advisory linked here: https://t.co/x5Z658xQ6t
— Security Response (@msftsecresponse) March 10, 2020
The SMBv3 protocol is a network file sharing protocol that allows applications on a computer to read files and request services from the server.
Exploits for SMB servers allow unauthenticated attackers to send specially crafted packets to the target SMBv3 server. And trick users into connecting to that server.
Even if there is no fix for this vulnerability, Microsoft recommends that IT administrators disable SMBv3 to prevent attackers from using this vulnerability to target SMB servers.